The second 2011 meeting of the APEC Privacy Subgroup took place in San Francisco in mid September, and finalised the package of documents that comprise the Cross Border Privacy Rules (CBPR) system. Endorsed by the parent Electronic Commerce Steering Group (ECSG), these will now go forward for ratification by Ministers in Hawaii in November, and subsequent implementation. The Subgroup’s 2012 Work Plan envisages establishment of the Joint Oversight Panel (JoP), commencement of recognition of Accountability Agents (AAs), and facilitating participation by economies in the CBPR system. Implicitly, it is also expected that recognised AAs will start to certify applicant businesses as meeting the CBPR programme requirements. The work plan also includes development of the website that will list participating businesses, recognised AAs and Privacy Enforcement Authorities (PEAs), and further promotion and explanation of the system.